<?php
        unset($_GET);
       
        if( isset($_POST['username']) && isset($_POST['password']) ) {
       
            echo '<?xml version="1.0"?>'."\n";
            echo "<login>\n";
       
            if (!@mysql_connect('localhost', 'vidalelu_epic', 'vidalebardella')) { error(1); }
            if (!mysql_select_db('vidalelu_epic')) { error(2); }
       
            if(get_magic_quotes_gpc()) {
                $login = stripslashes($_POST['username']);
                $pass  = stripslashes($_POST['password']);
            } else {
                $login = $_POST['username'];
                $pass  = $_POST['password'];
            }
       
            unset($_POST);
           
            $kid = login($login, $pass);
            if($kid == -1) {
                error(3);
            } else {
                printf('    <user id="%d"/>'."\n",$kid);
            }
                   
            echo "</login>";
        }

        function error($ec) {
            printf('    <error value="%d"/>'."\n".'</login>',$ec);
            die();
        }

        function login($login, $pass) {
            $select = "SELECT user_id FROM auth_table ";
            $where = "WHERE username = '%s' AND password = '%s'";
            $fixedlogin = mysql_real_escape_string($login);
            $fixedpass  = mysql_real_escape_string($pass);
            $query = sprintf($select.$where, $fixedlogin, $fixedpass);
            $result = mysql_query($query);
            if(mysql_num_rows($result) != 1) { return -1; }   
            $row = mysql_fetch_row($result);
            return $row[0];
        }
    ?>
